Posted on October 5, 2023 by nexonhost
How to Get Real Visitor IPs in Web Server Access Logs
In order to receive the real visitor IPs in your back-end’s access logs when using our remote protection services, your web server must be able to parse X-Forwarded-For headers. Some web servers, such as LiteSpeed, NGINX and IIS support this by default.
With Apache, the most popular web server however, you need to use a module, such as mod_rpaf or mod_remoteip in order to get the real visitor IPs. The first part of this tutorial will show you how to install and configure Apache with mod_remoteip. We’re not going to use mod_rpaf in this example, because it’s outdated, doesn’t support CIDRs and only works with Apache 2.2.
We will use 1.2.3.4 as a fictional IP address in this tutorial. When applying the configuration on your backend server, you need to replace 1.2.3.4 with your actual remote DDoS protection IP that you received via email and that you can view in GuardPanel and point your domain to.
CentOS/RHEL & Apache
1.) Install required packages
# yum install gcc wget httpd-devel
2.) Download and compile sources (ONLY if you run Apache 2.2! If you run Apache 2.4 just skip this step)
# wget -O /usr/local/src/mod_remoteip.c https://raw.githubusercontent.com/infinitnet/mod_remoteip-httpd22/master/mod_remoteip.c
# cd /usr/local/src/
# apxs -i -c -n mod_remoteip.so mod_remoteip.c
3.) Configure mod_remote IP for your JavaPipe reverse proxy
Create the file /etc/httpd/conf.d/mod_remoteip.conf and paste the following:
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 1.2.3.4
4.) Save it and restart httpd.
If the real IP is not seen in the apache logs, then you will need to add a custom log format:
LogFormat "%a %l %u %t \"%r\" %>s %b" foo
%a – is the client IP of the request.
cPanel/WHM Servers
On WHM/cPanel servers the process is different, because it doesn’t use CentOS repositories for Apache, but instead a tool called EasyApache to compile a custom Apache version from source.
If you use EasyApache 3, do
# cd /var/cpanel/easy/apache/custom_opt_mods # wget https://documentation.cpanel.net/download/attachments/1775755/custom_opt_mod-remoteip.tgz # tar xf custom_opt_mod-remoteip.tgz # rm -f custom_opt_mod-remoteip.tgz
Now recompile Apache from WHM using EasyApache 3 and make sure to enable mod_remoteip in the Exhaustive Options List! Proceed with pasting the config that’s mentioned below the instructions for EasyApache 4.
If you use EasyApache 4, do
# yum -y install ea-apache24-mod_remoteip
Now paste below config to /usr/local/apache/conf/mod_remoteip.conf
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 1.2.3.4
Save it and restart httpd.
Ubuntu/Debian & Apache
1.) Install required packages with
# apt-get install gcc wget apache2-prefork-dev
2.) Download and compile sources (ONLY if you run Apache 2.2! If you run Apache 2.4 just skip step 2 and 3 and proceed to step 4)
# wget -O /usr/local/src/mod_remoteip.c https://raw.githubusercontent.com/infinitnet/mod_remoteip-httpd22/master/mod_remoteip.c
# cd /usr/local/src/
# apxs2 -i -c -n mod_remoteip.so mod_remoteip.c
Note: If apxs2 doesn’t work, try apxs
3.) Copy the compiled module to the correct location
# mkdir -p /etc/apache2/modules
# cp /usr/lib/apache2/modules/mod_remoteip.so /etc/apache2/modules/
4.) Configure mod_remote IP for your JavaPipe reverse proxy
Create the file /etc/apache2/conf.d/mod_remoteip.conf and paste
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 1.2.3.4
Save it and restart apache2.
Real IP with LiteSpeed
Go to Configuration -> Server, click “Edit” at the “General Settings” box and set “Use Client IP in Header” to “Yes”.
Real IP with NGINX
Open your main NGINX configuration, which includes the “http” block (most likely /etc/nginx/nginx.conf) and append the “http” block to look as follows
set_real_ip_from 1.2.3.4;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
Restart NGINX and you’re done.